View more Careers at EPSILON
Follow us on: LinkedIn | Twitter | google+
Information System Security Officer (ISSO)
Security Clearance required: Top Secret with SCI Eligibility
US Citizenship Required
Location: Washington, DC
Position Summary: The ISSO is embedded in the implementation and lifecycle stages of assigned systems and serves as point of contact on all matters of cybersecurity.
- Collaborate with NS3 System Administrators for remediation on all aspects of security.
- Configuration Management (CM)/Portfolio Management for NS3 assigned classified systems, including: actively participating in Configuration Management for assigned system(s) and coordinating with CM on hardware and software approvals for assigned system(s); reporting vulnerabilities (Risk Assessment Report and Plan of Action and Milestones (POA&Ms)) through the Enterprise Mission Assurance Support Service (eMASS) as required for remediation action; coordinating system security requirements with system administrators; and assisting with development, maintenance, and tracking of the System Security Plan (SSP) and with POA&M development, tracking, and resolution.
- Identify resources, milestones, and estimated completion dates to the POA&Ms as required for compliance.
- Report remediation task requirements with system administrators' feedback.
- Maintain and report NS3's systems' Accreditation and Authorization status and any associated risk issues.
- Ensure all information system security related documentation is current and accessible to properly authorized individuals.
- Develop, track, resolve, and maintain the Security Plan for NS3 assigned systems.
- Create and manage POA&M entries and ensure vulnerabilities are properly tracked, mitigated, and resolved.
- Maintain the Security Technical Implementation Guide (STIG) Test Plan to include new applicable STIG version releases on a quarterly basis.
- Review and update STIGs with the System Administrators.
- Provide deltas from the previous STIG to NS3's Operations Management for testing and update STIG checklist.
- Assist with identification of security control baseline set and any applicable overlays. Coordinate security control validation.
- Oversee cybersecurity testing to assess security controls. Record security control compliance status. Oversee initial risk assessment and the recording in the Security Assessment Report (SAR) of the deficiency and risk level.
- Facilitate remediation actions on the non-compliant security control findings from the SAR and reassess remediation control(s).
- Assess periodically the quality of security control implementation against performance indicators.
- Plan and perform cybersecurity testing to assess security controls and record security control compliance status during sustainment.
- Identify and analyze system malfunctions with a view towards security incidents and/or violations.
- Identify and monitor system administrators' Privileged User access.
- Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and procedures as outlined in the accreditation and certification support documentation package.
- Submit mitigation plans prior to the due date for those assets requesting implementation extensions.
- Enforce Vulnerability Management Policy and Procedures to minimize risk exposure.
- Certify audit trails are conducted and reviewed, and that appropriate records management is maintained.
- Support the development and maintenance of technical documentation and Standard Operating Procedures (SOPs).
- Execute the security Assessment and Authorization (A&A) process for Risk Management Framework (RMF) requirements.
- Support the Information System Security Manager with site accreditation/reaccreditation process.
- Perform updates to RMF accreditation documentation for assigned systems.
- Prepare and submit classified spillages/incident responses.
- Support the development of cyber security technical roadmaps. Serve as a cyber security thought leader.
- US Citizenship is a requirement of this position in accordance with 8 U.S.C. § 1324b(a)(2)(C)
- "Active" Top Secret with eligibility to obtain Sensitive Compartmented Information (SCI) Clearance.
- A Bachelor's degree (or equivalent experience) in Computer Science, Information Systems, Engineering, Business, or a scientific or technical discipline, plus 10 years' experience.
- Must possess one of the following DoD level III Security professional certifications: GIAC Certified Incident Handler (GCIH), GIAC Information Security Expert (GSE), GIAC Security Leadership (GSLC), Security Certified Network Architect (SCNA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), and/or Certified Information Systems Auditor (CISA).
- Information Technology Infrastructure Library (ITIL) 4 Foundation certification must be completed within 6 months.
- Expertise and knowledge with the Committee on National Security Systems (CNSS) Instruction No. 1253, National Institute of Standards and Technology, Federal Information System Management Act 2014, Privacy Act of 1947, and implementing systems that contain Sensitive Information.
- Minimum of 5 years with DISA Security Technical Implementation Guide (STIG), RMF and NIST 800-53 knowledge and experience.
- Demonstrate strong knowledge of cybersecurity principles and NS3 requirements relevant to the confidentiality, integrity, availability, and authentication of systems operating in a classified environment.
- Proven leadership experience in security and technical risk.
- Experience in cyber security architecture and design.
- Understanding of cyber security framework and NIST Risk Management Framework (RMF).
- Effective problem solving and analytical skills; ability to work well under pressure.
- Clear and effective verbal and written communication skills.
- Highly analytical and effectively able to troubleshoot and prioritize needs, requirements and other issues.
- Excellent communications, teamwork, leadership and conflict management skills.
- Desire and commitment for continuous learning to recognize new cyber vulnerabilities.
- Applies current computer science technologies to the development, evaluation, and integration of computer systems and networks to maintain system security for classified information systems.
- Propose, coordinate, implement, and enforce information systems security policies, standards, and methodologies.
- DESIRED SKILLS: Must have 7-10 years of professional experience in a medium to large size organization with complex networks.
The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Physical Demands: While performing the duties of this job, this position requires the ability to sit for potentially long periods of time throughout the workday. Hearing sufficient to understand conversations, both in person and on the telephone. Dexterity of hands and fingers to operate a computer keyboard, mouse, power tools, and to handle other computer components for potentially long periods of time without experiencing abnormal hand, wrist, or eye strain. Occasional inspection of cables in floors and ceilings. Lifting and transporting moderately heavy objects, such as computers and peripherals. Must be able to lift up to 50 pounds.
- Work Environment: Includes a typical office environment, with minimal exposure to excessive noise or adverse environmental issues, including exposure to heat, cold, inclement weather conditions, and occasional environmental hazards. Local, regional, and national travel may be required.
Medical, Dental, Vision Plan
AD&D and Life Insurance
Paid Federal Holidays
Paid Time Off
401(k) Retirement Plan
Epsilon is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applications will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. EEO/AA: Minorities/Females/Disabled/Vets.
If you are an individual with a disability and need special assistance or reasonable accommodation in applying for employment with Epsilon, Inc., please contact our Recruiting department by phone 828-398-5414 or by email firstname.lastname@example.org.